Out-Law News | 29 Jul 2014 | 4:39 pm | 2 min. read
The Council of Minsters' General Affairs Council voted to support the Regulation on e-ID and trust services at a meeting last week. The Regulation is expected to come into force shortly. The European Parliament previously gave its backing to the new rules in April.
Under the new rules, EU countries would have the option of signing up to a 'mutual recognition' scheme for e-ID. Many member states have national e-ID schemes that are relied upon for verifying the identity of consumers when transacting or engaging with public services online.
In a move designed to boost cross-border trade in the EU, the e-ID schemes used nationally would be recognised by other EU countries if the countries agree to give recognition to the national e-ID schemes operated by those other nations, under certain conditions.
Those conditions include that standards of identity assurance relevant to the authentication of e-IDs in one e-ID scheme are at least equivalent to those required by public sector bodies in the country in which mutual recognition is being given, so long as the assurance level of e-ID verification methods in that country corresponds to a 'substantial' or 'high' assurance level rating.
Only national e-ID schemes that are "interoperable" could be put forward by EU countries for participation in the mutual recognition regime. The mutual recognition scheme is not expected to be in operation until the latter half of 2018.
"In most cases, citizens cannot use their electronic identification to authenticate themselves in another member state because the national electronic identification schemes in their country are not recognised in other member states," a recital to the Regulation said. "That electronic barrier excludes service providers from enjoying the full benefits of the internal market. Mutually recognised electronic identification means will facilitate cross-border provision of numerous services in the internal market and enable businesses to operate on a cross-border basis without facing many obstacles in interactions with public authorities."
"It is up to the member states to choose whether they want to notify all, some or none of the electronic identification schemes used at national level to access at least public online services or specific services," the Council of Ministers added in a statement.
The new Regulation also lays out rules on authentication of individuals' transactions, data security and privacy that companies providing 'trust services' have to adhere to.
"Having regard to the latest technological developments, those measures shall ensure that the level of security is commensurate to the degree of risk," according to the new rules.
Trust service providers can apply for 'qualified status' and will be able to display an "EU trustmark to indicate in a simple, recognisable and clear manner the qualified trust services they provide".
The Regulation also outlines standards for enabling electronic signatures to take on the "equivalent legal effect of a handwritten signature". Similar measures are designed to give recognition to electronic seals and electronic time stamps on digital documents to validate and verify online agreements.
"Practice has shown that citizens, enterprises and implementing organizations may have difficulty distinguishing between different security levels of electronic identities and trust services," a declaration by the Netherlands said. "Member states will have to cooperate intensively and give practical guidance to users in the implementation phase of the regulation. Only then will mutual acceptance of electronic identities and trust services become a reality and will the regulation contribute to the completion of the internal market."